CyberheistNews Vol 15 #10 | March 10th, 2025
How to Spot a Phishing Website Before It Steals Your Data
Our increasing dependence on the internet and specifically email for business and personal communication has produced the perfect environment for cybercriminals to launch phishing attacks.
As organizations' technical controls have advanced, cybercriminals have evolved their attacks, making them more difficult for traditional email security solutions that use signature-based detection, such as Microsoft and secure email gateways (SEGs) to detect.
These attacks are also more difficult for people to spot. In results published from a phishing simulation test, 53% of employees opened phishing emails and 23% input data into a form. Only seven% of employees reported the simulation to the Security team.
These numbers are concerning when you consider how costly data breaches can be for businesses. IBM estimates that the average cost reached $4.4m in 2025.
What is a phishing website?
A phishing website is used by cybercriminals for malicious purposes, like credential theft or financial fraud. People frequently wind up on phishing websites after clicking on a link in a malicious email. Phishing websites can be created using spoofed or lookalike domains or they can be built as part of a compromised legitimate website (this is a social engineering technique known as water-holing).
Cybercriminals can use phishing websites in multiple different ways. For example, the target might be presented with a log-in screen to enter their credentials, which are then scraped by the cybercriminal for use in account takeover attacks; or they might be prompted to enter payment details to confirm an order or pay for an item that will never arrive; or they might even automatically download malicious files or do so via a prompt on the webpage.
Six tips for how to identify fraudulent websites
As phishing websites are one of the most common types of payload used in phishing attacks, here are our top six methods.
[CONTINUED] Blog post with links
https://blog.knowbe4.com/how-to-identify-a-phishing-website
[NEW AGENT!] Custom Security Awareness Proficiency Assessment
We are excited to announce our newest AI agent, the Custom SAPA Agent! This agent builds on KnowBe4’s proven Security Awareness Proficiency Assessment framework while introducing adaptive intelligence through AIDA.
The Custom SAPA Agent moves beyond one-size-fits-all testing by learning your organization's security stack, policies and workflows. It then builds an assessment tailored to your organization's unique environment to help you measure the security knowledge that matters most to you.
The result is more relevant questions and actionable insights that you can use to better identify knowledge gaps, prioritize training and make confident decisions about how to strengthen your human risk management program.
The Custom SAPA Agent is now available to AIDA subscribers.
TurboTax SMS Scam
By Roger Grimes
It is tax season in the United States and that means plenty of tax scams. I am a TurboTax user, so hey, these might be legit, even though they look scammy. I first looked up the ttax[.]us domain using GoDaddy’s Whois service. The ttax[.]us domain is not valid.
Fact is, scammers would not have sent out a scam message using a non-existent domain, so it probably means that it was taken down. Well, that’s good! I decided to ask Bing if ttax[.]us was related to TurboTax. Here’s what I got (shown below):
You should see the screenshots... It is not a pretty picture.
The Convergence: Why Your Human Risk Management Strategy Can’t Ignore AI
The workplace is no longer just humans. If not today, your organization will soon manage a hybrid workforce of humans and AI agents working alongside your employees, accessing systems and making decisions. And both are targets!
Join us for an exclusive discussion between guest speaker Jinan Budge, VP & Research Director at Forrester, and Bryan Palma, President & CEO of KnowBe4. Together, they will explore the urgency of AI adoption and the seismic shift currently occurring in human risk management (HRM).
This category emerged specifically to overcome the shortcomings of security awareness training in the medium term. But when AI agents can be prompt-engineered just as easily as humans can be socially engineered, your security strategy needs to evolve.
You'll discover:
- The current state of human risk management
- Why traditional one-size-fits-all security awareness training fails to change behavior or prepare people for AI threats
- The convergence of human and AI vulnerabilities and how phishing, deepfakes and prompt-engineered attacks exploit the same trust mechanisms whether the target is a human or an AI agent
- How to detect and report on human and human-to-AI risk with business-ready insights leadership can understand and act upon
- Practical first steps to build security programs that protect humans and agents, reduce manual overhead, and scale with AI adoption
You'll leave with a clear understanding of where HRM is headed, how to measure and manage human risk at scale, and concrete steps to secure your workforce.
Date/Time: TOMORROW, Wednesday, March 11 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ai-human-risk-management-webinar?partnerref=CHN2
Phishing Simulation: How It Works to Reduce Risk
Phishing isn’t just increasing. It’s outpacing the way many organizations test for it. Attacks have surged four hundred% year over year, and corporate users are now more likely to be targeted by phishing than by malware. As social engineering becomes a primary entry point into enterprise environments, how you assess phishing risk matters just as much as how often you train for it.
Many phishing programs still rely on predictable scenarios and fixed templates, even as real-world attacks become more sophisticated. Today’s phishing messages are designed to blend into everyday work, referencing familiar tools, imitating trusted senders, and arriving at moments when people are busy or distracted.
In that environment, surface-level testing can miss the behaviors that quietly create risk.
Phishing simulations are most effective when they evolve alongside attacker techniques. Realistic scenarios that change over time make it possible to see how users actually behave under pressure and where habits and controls break down. As attackers increasingly use automation and AI to scale and personalize their lures, simulations also need to stay adaptive to remain meaningful.
Key Takeaways
- A phishing simulation is a safe, controlled way to test how users respond to realistic phishing tactics.
- The most effective programs follow a repeatable cycle of testing, measurement and reinforcement over time.
- AI-powered phishing simulations help keep testing realistic, varied and aligned with how phishing tactics evolve.
- When used consistently, phishing simulations help organizations identify risk patterns and strengthen everyday decision-making.
[CONTINUED] Blog post with risks
https://blog.knowbe4.com/phishing-simulation-how-it-works
Automate Incident Response and Maximize SOC Efficiency
Your security team is drowning in alerts, and threats are slipping through. With SOC teams facing more than four thousand, four hundred daily alerts, over forty% of which are false positives, the vast majority of organizations are overwhelmed by backlogs.
The result? A five-hour response gap that leaves threats sitting in your employee inboxes for days or weeks. Stop gambling with unaddressed alerts using technology that collapses the time-to-containment from hours to minutes.
During this demo, you'll discover how PhishER Plus empowers the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:
- Accelerate Response times with AI-powered automation that allows you to code custom rules in plain English, reduce manual email review time by up to 99%, and eliminates alert fatigue
- Leverage unmatched threat intelligence from thirteen+ million global users, KnowBe4 Threat Research Lab, and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
- Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
- Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
- Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps
Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.
Date/Time: Wednesday, March 18 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-3?partnerref=CHN
Phishing on Messaging Apps: How Attackers Use WhatsApp, Teams, Slack, and SMS
Messaging platforms are now a major vector for phishing and other social engineering attacks, according to a new report from NCC Group’s Fox-IT.
What is phishing on messaging apps?
Phishing on messaging apps is a type of social engineering attack where cybercriminals use text messages, chat apps or collaboration platforms to trick users into clicking malicious links, sharing credentials, downloading malware or sending sensitive information.
These attacks can happen over SMS, WhatsApp, Microsoft Teams, Slack, Telegram, Discord and similar platforms.
"Messaging platforms are being leveraged as attack vectors by serving as initial access points, delivery channels and coordination infrastructure within modern attack chains," the researchers write.
"Threat actors have used these to deliver phishing links, malicious attachments, QR codes and fake invitations that exploit legitimate platform features. Even encrypted messaging services are being used to distribute mobile malware and spyware, either through direct user interaction (such as opening files or links) or through feature abuse that enables silent account access.
"In parallel, platforms such as Telegram are being utilized to host phishing infrastructure, malware repositories, stolen data and automated bot-based services that support large-scale fraud and intrusion campaigns."
The researchers predict that these attacks will increase as more users adopt these technologies.
"The use of messaging platforms as an attack vector is expected to increase further as these services continue to expand in functionality and integrate with other digital ecosystems," Fox-IT says. "Some messaging apps are increasingly converging with payments, cloud storage, authentication and enterprise services. This creates new opportunities for abuse beyond simple message delivery.
"At the same time, attackers are refining their techniques that exploit platform-specific features and user behavior rather than vulnerabilities in underlying encryption. As messaging platforms replace email and SMS as the primary mode of communication in many regions and organizations, threat actors are likely to treat them as a default vector for initial access, malware delivery and campaign coordination."
What is the difference between messaging app phishing and email phishing?
Phishing attacks no longer live only in the inbox. While email remains a major attack vector, threat actors are increasingly using SMS, chat and collaboration tools to target employees where they are most responsive. Understanding the differences between email phishing and messaging app phishing helps organizations build stronger awareness training and reduce human risk across every communication channel.
Check out the table with the differences (there are quite a few) on this post:
https://blog.knowbe4.com/threat-actors-abuse-messaging-platforms-to-launch-phishing-attacks
Prompt Injection Is Becoming the “SQL Injection of AI.”
Every time software learns to act on our behalf, attackers find a way to manipulate it.
This week alone we saw multiple examples. Researchers demonstrated a zero-click prompt-injection attack against Perplexity’s Comet AI browser that could extract files and passwords simply by hiding instructions inside content like calendar invites.
A separate flaw in Chrome’s Gemini Live assistant allowed malicious extensions to access cameras, microphones and local files. Meanwhile, an open-source AI agent platform was compromised through weak local authentication.
The pattern is familiar. The moment software evolves from passive tools to agents that execute actions, the attack surface multiplies.
The deeper issue is prompt injection itself. These attacks work because AI systems can’t reliably distinguish between data and instructions. Malicious commands hidden in documents, webpages or emails get interpreted as legitimate prompts.
If that sounds familiar, it should. Only a few years ago, SQL injection exploited the same design flaw: apps executing commands hidden inside user input. Prompt injection is shaping up to be the SQL injection of the AI era. A simple concept with enormous impact.
And just like SQL injection, the fix won’t be a single patch. It will require better isolation, strict permission boundaries and a security mindset built around untrusted input.
Because when AI agents start acting for us, attackers will try to act through them.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: Your KnowBe4 Fresh Content Updates from February 2026
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-february-2026
- Albert Schweitzer - Humanitarian (1875 - 1965)
- William James - Philosopher (1842 - 1910)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-10-how-to-spot-a-phishing-website-before-it-steals-your-data
Warning: Executives Need to be on the Lookout for Social Engineering Attacks
Executives and other high-profile individuals need to be increasingly wary of targeted social engineering attacks, according to researchers at Rapid7.
"Social engineering is one of the most effective techniques in the attacker’s toolkit because it targets human vulnerabilities," the researchers write. "Adversaries routinely scrape social platforms, correlate breached data, and perform targeted reconnaissance on executives and other high-value individuals.
"This intelligence fuels tailored attack paths that often bypass traditional security controls, putting the individual and the enterprise at risk." Threat actors can easily find publicly available information to craft tailored attacks directed at specific individuals.
"Across industries, we found that surface web data, public records, social media activity, and leaked credentials combine to create a detailed profile that threat actors can weaponize," Rapid7 says. "In many cases, sixty% of an individual’s digital risk exposure is retrievable through a simple surface web search.
"When paired with breached credentials circulating in criminal forums, that information fuels business email compromise, spear phishing, impersonation, and even hybrid cyber-physical threats."
All employees may be targeted by social engineering, but executives are particularly valuable targets due to their level of access and authority within an organization.
"The elevated online visibility of a company's executives presents a substantial cybersecurity vulnerability," the researchers write. "Their extensive digital footprint — encompassing professional profiles, public statements, and personal social media — serves as an invaluable intelligence source for malicious actors.
"This exposure renders executives prime targets for advanced persistent threats, including sophisticated phishing attacks, impersonation schemes, and the emerging threat of AI deepfakes. A successful compromise of an executive's digital account extends beyond individual privacy concerns.
"It can directly facilitate unauthorized access to sensitive corporate data, instigate financial fraud, and inflict severe reputational damage, critically undermining the organization's overall security posture."
AI-powered security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Rapid7 has the story
https://www.rapid7.com/blog/post/tr-new-rapid7-report-digital-executive-footprints-exposing-organizations/
Report: Internal AI Tools Are a Growing Threat
AI tools are posing new and evolving threats to organizations, according to a new report from Thales. The report found that 61% of organizations across multiple sectors cited AI as their top data security risk.
"The concern is not only about malicious AI, but about the access it is being granted as it shifts from a tool to a trusted insider," Thales says.
"As enterprises embed AI into workflows, analytics, customer service and development pipelines, these systems are being granted broad, automated access to enterprise data, often with fewer controls than those applied to human users in a corporate environment."
AI is also increasing the sophistication of external threats, drastically improving social engineering attacks.
"New dangers from AI-fueled disinformation and misinformation are universal, with 97% of all respondents reporting some form of organizational harm from AI-generated false information, including deepfake business email compromise, trademark or brand abuse, harm to key personnel, reputational damage or hiring fraud," the researchers write.
The researchers note that threats associated with AI are particularly difficult to address because of how quickly the technology is changing. "Security for AI is challenging, particularly given the pace of technology evolution," the report says.
"Notably, rapid change in the AI ecosystem is the leading AI-related security concern: 70% of respondents ranked it among the top three sources of risk. It is difficult to secure a moving target, and AI agents will only increase the number and velocity of such targets. Among AI- and LLM-based attacks, respondents reported the greatest growth in those aimed at exposing sensitive data."
"Understandably, AI security spending ranks second-highest in priority, trailing only cloud security, among 17 listed areas. One in four respondents ranked AI security among their top three spending categories."
Thales has the story:
https://www.businesswire.com/news/home/20260225599723/en/AI-The-New-Insider-Threat-Facing-Organizations/
What KnowBe4 Customers Say
Our latest video testimonial is from a former KnowBe4 customer, showing that our customers love us even when they embark on a new adventure. Edward at CertiVend wanted to share his KnowBe4 story and why he recommends us to other organizations as he starts his new venture as a business owner.
Why this customer believes in KnowBe4:
- We help organizations manage human risk
- Our training content reduces fatigue and delivers targeted content to the individuals who need it the most
- Measurable risk reduction in successful phishing attempts over time
Watch it here:
https://www.youtube.com/watch?v=as8eDbmxH8Q
- Threat actors exploit the war in Iran to launch scams:
https://www.bitdefender.com/en-us/blog/hotforsecurity/israel-iran-crisis-scams - UK warns of Iranian cyberattack risks amid Middle-East conflict:
https://www.bleepingcomputer.com/news/security/uk-warns-of-iranian-cyberattack-risks-amid-middle-east-conflict/ - Someone just open sourced a fully autonomous AI hacker and it's terrifying:
https://x.com/heynavtoor/status/2028719589241307635?s=66&t=vSAPngidkSaQJtTdB6pOmw - Russian propaganda network uses ChatGPT to plan influence operations in Africa:
https://therecord.media/russian-propaganda-network-rybar-using-chatgpt-in-africa - LexisNexis Investigates Massive Data Breach by FULCRUMSEC:
https://dailydarkweb.net/lexisnexis-investigates-massive-data-breach-by-fulcrumsec/ - As Cybersecurity Firms Chase AI, VC Market Skyrockets:
https://www.darkreading.com/cybersecurity-analytics/cybersecurity-firms-chase-ai-vc-market-skyrockets - Threat actors use web-based indirect prompt injection attacks to trick AI agents:
https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/ - Global Takedown Neutralizes Tycoon2FA Phishing Service:
https://www.infosecurity-magazine.com/news/global-takedown-tycoon2fa-phishing/ - Sprawling FBI, European operation takes down Leakbase cybercriminal forum:
https://therecord.media/leakbase-cybercrime-fbi-europe-takedown - Hackers built a botnet that lives on Blockchain:
https://www.instagram.com/reels/DVbcFqwEdO_/
- Virtual Vaca #1 Cruising Musandam Fjords in Oman: Dolphins & Scenic Views in 4K:
https://youtu.be/L7ih9UVubRI - Virtual Vaca #2 How To Visit The BEST ISLANDS In Okinawa 2026 Travel Guide:
https://youtu.be/ptmKQhvQLxQ - Virtual Vaca #3 Venice: the impossible city – how was it built?:
https://youtu.be/63XtkfQM-o4 - Elite Skills Compilation | Best of the Week!:
https://youtu.be/8FbFSzabZQI - Jazz Age Paris c.1930: Roaring 20s Era Footage Restored to Life:
https://youtu.be/SC9KUQGlRvQ - Why Japan Built the Rainiest Place on Earth:
https://youtu.be/INt4sBK8WPU - Back Cam View Wingsuit Flight over Magical Terrain With Live Stats:
https://youtu.be/fySXw8VW3LU - The world's best basketball freestyle dunks by the Hungarian slam dunk team 'Lords of Gravity' are super awesome:
https://www.flixxy.com/acrobatic-slam-dunk-team-lords-of-gravity.htm?utm_source=chn&utm_medium=email - China's Most Agile Robots in 2026 – They're Doing Things That Shouldn't Be Possible:
https://youtu.be/_z5NxUToeZU - Next-Level HDR Intensity — 8K Ultra HD Dolby Vision 60fps:
https://youtu.be/_tAIA2bXiPs - [From The Archives] MythBusters: Can A Manhole Cover Really Replace A Flat Tire And Still Let You Drive?:
https://youtu.be/aoHq-Bo92iw - For Da Kids #1 - 84-Year-Old Parrot Hasn’t Smiled Since 1940’s:
https://youtu.be/4T0wEsVyuLw - For Da Kids #2 - Shy Baby Monkey Meets Someone Just Like Hero:
https://youtu.be/O7eK9NNqkkc - For Da Kids #3 - Guy Climbs Into Deep Mud To Save A Magpie:
https://youtu.be/QUsARigw3pM - For Da Kids #4- A big bad wolf trades hunting for cooking in this jaw-dropping French animated ad that's more short film than commercial:
https://www.flixxy.com/the-wolf-nobody-wanted-until-he-learned-to-cook.htm?utm_source=chn&utm_medium=email - For Da Kids #5 - Farm Dog Delivers Packages, Carries Eggs, and Runs the Whole Property:
https://youtu.be/U-jCkLWJLVQ
